~/tools/email

Email Providers

last updated 2026-06-17 · 6 recommendations · what changed

Email is where everything else lives: password resets, receipts, your real name. Moving it off Gmail or Outlook is one of the bigger wins you can get, and it's less painful than it sounds.

before you pick Email was never designed to be private. Even the best provider here can't encrypt a message end-to-end when the other side is on Gmail. What you're choosing is who stores your mail, under which laws, and how much of it they can read. Set your expectations there and you'll choose well.

what actually matters

encryption at rest

Can the provider read your stored mail? "Zero-access" means even they can't open your inbox.

jurisdiction

The laws the provider answers to. Switzerland and Germany are popular for a reason: strong privacy law, no gag-order culture.

standard protocols

IMAP/SMTP support means you can use any mail client and leave anytime. Some providers trade this away for stronger encryption.

custom domain

Your address shouldn't be hostage to a provider. A domain you own means you can switch later without telling anyone.

recommendations

Proton Mail

the default pick

🇨🇭 switzerlandzero-accessopen-source clientsauditedfree tier · ~€4/mo

The most technically robust encrypted provider available. Mail between Proton users is end-to-end encrypted automatically, everything at rest is zero-access, and the apps are polished enough that nobody in your family will complain. The wider ecosystem (Calendar, Drive, VPN, Pass, SimpleLogin aliases) makes it a clean one-stop Google exit, and the VPN bundle discount is genuinely good value.

Be clear-eyed about one thing: Proton has cooperated with Swiss court orders on the narrow data it does hold (IP logs, metadata) while consistently honoring its stated data-minimization policy. The cases that drew criticism involved user assumptions about data that was never claimed to be protected. Not a scandal; a threat-model calibration issue.

good

Zero-access storage; E2EE between Proton users and via PGP
Polished apps on every platform
Custom domains, catch-all, and built-in aliasing on paid plans
Long track record and regular independent audits

mind the

No direct IMAP: desktop clients need Proton Bridge (paid plans)
Will comply with Swiss courts for the metadata it does hold: calibrate accordingly
VC-backed and increasingly commercial: worth monitoring, not currently a red flag
Subject lines aren't encrypted (PGP limitation)

free tier · paid from ~€4/mo proton.me/mail →

mailbox

the standards pick

🇩🇪 germanyimap/smtppgp guardoffice suite~€1/mo

For people who want privacy without leaving standard email behind. Rebranded from Mailbox.org to simply "mailbox" in September 2025, with product names Mail, Office, Meet, and Drive replacing the old branding; same German company (Heinlein Group), same data centers. Full IMAP/SMTP means Thunderbird, FairEmail, or anything else just works, no bridge, no lock-in. Optional PGP "Guard" encrypts mail at rest, and you get a full calendar/contacts/office suite for pocket change.

good

Real IMAP/SMTP: use any client, migrate out anytime
Cheap, transparent pricing; no free-tier upsell games
Custom domains on every plan
Boring in the best way: stable German company since the 90s

mind the

Encryption at rest is opt-in, not the default
Web interface looks dated next to Proton or Tuta
No free tier (30-day trial only)

from ~€1/mo mailbox.org →

Tuta

the all-in encryption pick

🇩🇪 germanyencrypts subjectspost-quantumopen sourcefree tier · ~€3/mo

Tuta goes further than anyone on encryption: its own protocol covers subject lines, calendars, and contacts, and it's already rolling in post-quantum algorithms. The trade: you live inside Tuta's apps. If maximum encryption matters more to you than client choice, this is the one.

good

Encrypts more than PGP can, including subject lines
Very affordable paid plans; fair free tier
Fully open-source clients
Encrypted calendar included even on free

mind the

No IMAP at all: official apps only
No PGP interop with other encrypted providers
Search and offline behavior can feel limited

free tier · paid from ~€3/mo tuta.com →

Posteo

the anonymity pick

🇩🇪 germanyanonymous signupcash paymentgreen energy€1/mo

No name, no phone number, and you can literally mail them cash. Posteo strips identifying data on purpose and keeps the price at a euro a month. The catch is philosophical consistency: no custom domains, because your address would link back to you.

good

Truly anonymous signup and payment options
IMAP/SMTP supported; optional full-storage encryption
€1/mo, no tiers, no upsells

mind the

No custom domains: by design, but a real lock-in trade-off
2GB base storage is small (expandable cheaply)
Spartan web interface

€1/mo flat posteo.de →

StartMail

the alias-first pick

🇳🇱 netherlandsunlimited aliasesimap/smtpbuilt-in pgp~$5/mo

From the Startpage family, with aliasing as the headline feature: unlimited burner and custom aliases built straight into the inbox, no separate service to wire up. Standard IMAP/SMTP means any client works, and PGP is handled in the web interface for the rare correspondent who has it. The pragmatic pick if alias-per-signup is the habit you're building your email life around.

good

Aliases are first-class: create and burn them inline as you sign up
IMAP/SMTP support; custom domains available
Simple one-tier pricing, EU jurisdiction

mind the

Same System1 (ad-tech) ownership caveat as Startpage
Encryption at rest is vault-based, not zero-access like Proton/Tuta
No free tier; smaller ecosystem (no calendar/drive suite)

~$5/mo startmail.com →

Disroot

the nonprofit pick

🇳🇱 netherlandsnonprofit collectiveno ads, no trackingimap/smtpfree

Disroot isn't a company selling you a product: it's a nonprofit, ethically-run collective offering email alongside a wider suite of federated and open-source services (cloud storage, chat, calendars, and more), funded by donations rather than subscriptions. Standard IMAP/SMTP means any client works, and there's no upsell funnel because there's nothing being sold. The trade is the one you'd expect from volunteer-run infrastructure: no SLA, no support line, and storage limits are modest.

good

Nonprofit, donation-funded: no ads, no data monetization incentive
Free, with standard IMAP/SMTP access
Part of a wider ethical-services suite beyond just email
EU jurisdiction (Netherlands)

mind the

No zero-access encryption at rest: trust is in the collective's ethics, not cryptography
Volunteer-run: no formal SLA or paid support
Modest default storage; donations keep the lights on, so consider chipping in

free, donation-funded disroot.org →

at a glance

provider	jurisdiction	zero-access	imap	custom domain	free tier	from
Proton Mail	🇨🇭 CH	yes	via bridge	paid	yes	~€4/mo
Mailbox.org	🇩🇪 DE	opt-in	yes	yes	trial	~€1/mo
Tuta	🇩🇪 DE	yes	no	paid	yes	~€3/mo
Posteo	🇩🇪 DE	opt-in	yes	no	no	€1/mo
StartMail	🇳🇱 NL	vault-based	yes	yes	trial	~$5/mo
Disroot	🇳🇱 NL	no	yes	no	yes	free

prices are ballpark annual rates, check the provider before you commit.

worth knowing

Get a domain before you migrate. A you@yourdomain.com address means you can change providers in an afternoon without updating a single account. It's the cheapest insurance on this page.

Don't hand your address to everyone. Pair your provider with an aliasing service (SimpleLogin, addy.io, or the aliasing built into Proton's paid plans and StartMail): a unique alias per signup means leaks are traceable and revocable.

Pick a recovery address outside your main ecosystem. A free account at an ethically run independent provider like Disroot makes a solid recovery/backup address, meaningful redundancy without re-concentrating everything in one company's hands.

Migrate in layers. Forward your old inbox to the new one, move important accounts first (banks, government, recovery emails), and let the long tail update itself over a few months. Nobody actually does it in one weekend.

Email ≠ secure messaging. If the content truly can't leak, it belongs in a private messenger, not an inbox.